> PGP is a better solution, and can be made sure that a company/person generated the address.

I like PGP as well as the next person, but the SSL trust network is far better established than PGP's, and either of them can verify that a company/person generated the address.

PGP might be a better solution *in theory*, but in practice SSL is actually used by ~100% of people on the Internet.  What percentage of all of the people you know have actually signed or encrypted a message using PGP?